MUADDIB Scanner
Version updated for https://github.com/DNSZLSK/muad-dib to version v2.5.17.
- This action is used across all versions by 1 repository.
Action Type
This is a Composite action.
Action Summary
MUAD’DIB is a security scanning tool designed to detect and mitigate supply chain threats in npm and PyPI dependencies. It combines static and dynamic analysis, deobfuscation, anomaly detection, and behavioral analysis to identify malicious packages, suspicious patterns, and known threats (over 225,000 Indicators of Compromise). The tool automates package scanning, risk scoring, and safe installation processes, providing developers with a free, lightweight first line of defense against dependency-based attacks.
Release notes
Documentation
- 10 files audited and updated
- FPR whitelist bias note added
- CHANGELOG entries v2.5.13-v2.5.17
Metrics
- TPR: 93.9% (46/49)
- FPR: 12.3% (65/529), measured honestly with no whitelisting applied
- ADR: 94.0% (63/67)
- 1869 tests, 121 rules
- 27 adversarial samples (24 PASS, 3 documented MISS)